Strategies Apple iOS Mobile Device Security StateofPlay Permissions Limited access to approved datasystems Access Control Password amp Idle screen locking Isolation Limits an apps ability ID: 739311
Download Presentation The PPT/PDF document "Telco & Mobile Security" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Telco & Mobile Security
StrategiesSlide2
Apple iOS
Mobile Device Security - State-of-Play
Permissions
Limited access to approved data/systemsAccess ControlPassword & Idle screen lockingIsolationLimits an apps ability to accessdata or other system resources EncryptionConceal data at rest on the deviceProvenanceApps are stamped to identity theauthor for tamper resistance
Symantec - A Window Into Mobile Device Security (11.Jun)
AndroidSlide3
Mobile – Current & Future Threats
Mobile devices hold a richset of personal information:Location detailsbrowsing & call historycontact lists & phone #’sSMS, email & FacebookCalendar detailsPasswords in clear textPremium-rate callingInternet Access remainsa large vulnerability holeUp-In-Coming Threats
Micro-payment vulnerabilitiesAccess to corporate server“LikeJacking”
LookOut - Mobile Threat Report (11.Aug)McAfee - Mobility and Security Dazzling Opportunities, Profound Challenges (11.May)Slide4
Mobile Security
– Market ChallengesRecent Issues…iPhone “Root-kitting”Bypassing device security Theft of smartphones, & tabletssensitive records compromisedSpoofed ActiveSync policy appsReporting higher security than what is actually available“Co-mingling”Mixing private & corporate dataMalwareStealing data & bandwidthUncertified apps with malwareCapturing info & forwardingDevice Management Checklist
J. Gold - A Heuristic Approach to Mobile Security, ‘11
DescriptionCur-rentNext Gen
Device Upgrade Flexibility
Threat Analysis
Location-Aware usage
User Device SwitchingDevice Policy
Capabilities
Network Security
Dynamic Corporate Policies
Scalability Expandability
App & Data Security
Slide5
Malware Threat Example - Repackaging
LookOut - Mobile Threat Report (11.Aug)Slide6
Mobile Security – Lacking Awareness
Awareness of Company Security and Data Protection Policies for Mobile Devices:Greatest Security Concerns forMobile DevicesMcAfee - Mobility and Security Dazzling Opportunities, Profound Challenges (11.May)Slide7
Telco Security – Market Drivers
SubscribersMobile users are in early stages of facing significant mobile threats.Handsets hold sensitive dataAccess to sensitive data (online banking, micro payments)Subscriber are unaware of mobile security threats and mitigation is largely ignored.OperatorsLacking visibility to subscriber network activity & threatsmobile, land-line, & internet
protection for subscribersProviding additional service valuePreparing for future mobile threatsSlide8
Malware Mitigation – Hidden Costs
Maintenance and RepairManaging signature updatesCost of paying to fix systems infected by malwareHardware OverheadMost anti-malware consume large amounts processing power, memory and storage space.Lost ProductivityLost Productivity per employeeDiffering mobile Operating Systems to manage infectionsCompany CostsDue to stolen Mbytes of bandwidth from Malwarehttp://www.networksecurityjournal.com/features/malware-burden-012208/
LookOut - Mobile Threat Report (11.Aug)Slide9
Mobile Data - Smartphone Trends
Subscribers used 79 MB per month in ‘10, 125% from ‘09Expect a 16-fold increase (1.3 GB per month) by ‘15Average mobile speed in ‘10 was 215 kbps, 2.2Mbps by ‘15.Cisco - Visual Networking Index Global Mobile Data '11Slide10
Mobile
Data – Increasing Costs & UsageEvolving Usage by App – (Allot)Monthly Data Usage – (Nielson)http://www.wired.com/wiredscience/2011/06/how-much-does-your-data-cost/
Average U.S. Smartphone Data Usage Up 89% as Cost per MB Goes Down 46%
http://blog.nielsen.com/nielsenwire/online_mobile/Allot – Mobile Trends, Global Mobile Broadband Traffic Report
11.H1Slide11
Internet
Switching
Network
TCP/IP
GPRS
UMTS
Malware is Stealing Bandwidth
12% Web
Browsing
39%
Video
Streaming
44% File
Sharing
3
% VoIP
& IM
2% Malware
& Other
70%
Trojans
7.8%
Worms
16.8%
Viruses
2.3%
Adware
1.9%
Backdoor
0.1%
Spyware
Panda Security - Malware Statics,
11.Mar.16
Allot
– Mobile Trends, Global Mobile Broadband Traffic Report
11.H1Slide12
Mobile Malware Usage - Vampire Data
Malware bandwidth stolenFrom €15 to €60 per year0AcceleratorsRoaming will accelerate malware cost by over 30x1Multiple Malware instances Power Users are 25x more exposed to malware costs
2A Provider with 1m subscribers - Vampire Costs would exceed €30m
per year30 Based on 500 bytes/min typical = 21.6 MB per month @ €0.06 per
MB, & up to 4 Malware per handset
1Based
on Roaming costs in Europe between € 1.2 and € 12 Euros per
MB, 2Based
on 2GB monthly usage3
Average two malware instances across the subscriber base- http
://ec.europa.eu/information_society/activities/roaming/data/index_en.htm - Average U.S. Smartphone Data Usage Up 89% as Cost per MB Goes Down 46%http://blog.nielsen.com/nielsenwire/online_mobile/
Smartphones Data CostSlide13
Mobile Security –
Emerging PatternsMalware acting as a botnet will exploit many vulnerabilitiesAbuse of premium-rate text messagesAttacks gather sensitive data for commercial or political purposesFinancial fraud as more mobile finance and payment apps emerge
Cisco - Visual Networking Index Global Mobile Data '11
LookOut - Mobile Threat Report (11.Aug)Slide14
Telco Security - Objectives
End-point protection achieved by app suitesFirewalls & VPNDisk EncryptionRemote wipingLocation-based servicesAnti-MalwareInfrastructure Security utilizesManaged SecurityFlow statisticsPolicy complianceIntrusion detectionNetwork Behavior AnalysisSeparating normal behavior from anomalous behavior
End-Point Protection
Infrastructure Security
Subscriber Security StrategySlide15
Mobile
& ISP Infrastructure SecuritySubscribers
Mobile
Network
Internet
Switching
Network
Cognitive
Analyst
Endpoint Security
Firewall,
VPN,
Disk Encryption,
Anti-Malware, etc.
Infrastructure Security
Monitoring, Network
Behavior, Forensics
Policy Compliance
TCP/IP
NetFlow
GPRS
UMTS
Gbps
Carrier Security Services
Intelligent
Analytics
&
Reporting
Actionable
Mitigation
Threat
NotificationsSlide16
Mobile Security - ApproachSlide17
Telco Security – Strategic Direction
Endpoint Security via security suites for mobile handsetsVia periodic signature updates sent to the handsetBut Endpoint Security is reliant on subscribers to install SWInfrastructure Security is necessary to protect mobile subscribersVia Network Behavior Analysis, core traffic patterns are analyzed and normal behavior is separated from abnormal behavior to detect malware
“For €2 per month we will protect you against malware-stealing-bandwidth & lost productivity”
Fraud
Phishing
Spyware
Malware
Hacking
Security Attack
Virus
!
!Slide18
Mobile Security – Business Case
Increased Revenue - ARPUValue-added security servicesCore Infrastructure Cost SavingReduce “stolen” BW by malwareIncreased security & network visibility - leads to efficient infrastructure spendingIncreased Client SatisfactionClient trust in mobile carrier through safer mobile surfingProtect transactions for online banking, & confidentialityCompetitive DifferentiationThrough enhanced security services for corporate clientsLegal ConformityProtection of minors, dangerous, & illegal content
Increased Network Reliability
From reduced malware instabilityData traffic prediction becomes more precise, through modeling of legitimate applicationsARPU – Average Revenue Per User
BW - BandwidthSlide19
Cognitive Security - What We Offer
Security InnovationDelivering Next Generations Security SolutionsResearch & Development ExpertiseContinual & Rapid development Quick development turn-aroundCost Effective R&D ResourcesIntegration with OEMs, MSSPs, & Device manufacturersAddressing Privacy ConcernsData anonymity is maintainedProduct Stability5th Generation Network Behavior Analysis platformIntuitive Management InterfaceEasy-to-Use DashboardGranular attack detection analysisSlide20
Telco Security – Final Thoughts
“The number of times an uninteresting thing happensis an interesting thing.”Marcus Ranum“laws of intrusion detection.”“Cybercriminals are investing more toward ‘R&D’ to find ways to use mobile devices and penetrate the cloud to seize the data they need to make a profit or undermine a company’s success.”“… mobile operators will try to
prevent threats at the network level… ‘If the mobile operators pushed out antivirus to their customers’ devices, it would scare users … So operators are keen to
solve security issues themselves at the network level.”Gareth MachlachlanChief Operating OfficerCisco - Annual Security Report '11TechTarget - Security
Tech Guide Mobile '11, “Mobile Phone Security
Threats, Blended Attacks Increasing”Slide21
Download the Original Presentation Here:
http://gdusil.wordpress.com/2013/03/08/telco-and-mobile-security-12/Slide22Slide23
Synopsis - Telco & Mobile Security ('12)
As mobile data is expected to grow 16 fold over the next four years*, mobile providers are facing new challenges in balancing subscriber ease-of-use, with cyber-security protection. This explosion in cellular usage and mobile commerce will require advanced levels of protection for mobile users, as hackers continue to find vulnerabilities to exploit. A dual strategy which includes end-point and infrastructure security will provide robust and cost effective levels of protection, which will also expand provider revenue streams to enhanced services, and increase ARPU through value added security solutions. Network Behavior Analysis is a viable building block to infrastructure security, and helps to protects a collective subscriber base against sophisticated mobile cyber-attacks.*Cisco - Visual Networking Index Global Mobile Data '11ARPU – Average Revenue Per UserSlide24
Tags
Network Behavior Analysis, NBA, Cyber Attacks, Forensics Analysis, Normal vs. Abnormal Behavior, Anomaly Detection, NetFlow, Incident Response, Security as a Service, SaaS, Managed Security Services, MSS, Monitoring & Management, Advanced Persistent Threats, APT, Zero-Day attacks, Zero Day attacks, polymorphic malware, Modern Sophisticated Attacks, MSA, Non-Signature Detection, Artificial Intelligence, A.I., AI, Security Innovation, Mobile security, Cognitive Security, Cognitive Analyst, Forensics analysis, Gabriel Dusil